Publication number: US5093860 A
Publication type: Grant
Application number: US 07/589,138
Publication date: Mar 3, 1992
Filing date: Sep 27, 1990
Priority date: Sep 27, 1990
Fee status: Paid
Publication number: 07589138, 589138, US 5093860 A, US 5093860A, US-A-5093860, US5093860 A, US5093860A
Inventors: Kurt W. Steinbrenner, Michael W. Bright
Original Assignee: Motorola, Inc.
Key management system
US 5093860 A
Abstract
This key management system effectively solves the key distribution problems of distance, time, operator error, and security risk by transferring encryption keys with appropriate system information between a key management controller (101) and a remote keyloader (109). The keyloader (109) is then coupled to a communication device to transfer (327) the keys and receive (329) identification information from the communication device. The keyloader (109) then sends (323) the information to the key management controller (101) that controls the distribution of the encryption keys and collection of the communication device identifications.
Claims (15)
We claim:
1. A key management system for a secure communication system, using a keyloader to load at least one encryption key into a communication device, comprising:
means for controlling distribution of a plurality of encryption keys;
means, coupled to said means for controlling, for conveying at least one of said plurality of encryption keys to the keyloader;
means for coupling the keyloader to the communication device; and
means for transferring said at least one of said plurality of encryption keys to the communication device.
2. The key management system of claim 1, further comprising means for storing said plurality of encryption keys.
3. The key management system of claim 1 further comprising:
means, coupled to said means for transferring, for accepting an identification from the communication device; and
means, coupled to said means for conveying, for sending said identification to said means for controlling.
4. The key management system of claim 3 further comprising means for encrypting said identification.
5. The key management system of claim 4 further comprising means for decrypting said encrypted identification.
6. The key management system of claim 1 further comprising means for encrypting said at least one of said plurality of encryption keys.
7. The key management system of claim 6, further comprising:
means for determining if said at least one of said plurality of encryption keys is encrypted; and
means, coupled to said means for determining, for decrypting said encrypted at least one of said plurality of encryption keys.
8. A keyloader for use with an external communication device in a key management system employing an external source of key control, comprising:
means for entering user information;
means, coupled to said means for entering, for accessing the external source of key control;
means, coupled to said means for entering, for requesting at least one encryption key from the external source of key control;
means, for receiving said at least one requested encryption key;
means, coupled to said receiving means, for storing said at least one requested encryption key; and
means, coupled to said storing means, for transferring said at least one requested encryption key to the external communication device.
9. The keyloader of claim 8, further comprising:
means, coupled to said means for transferring, for accepting an identification from the external communication device; and
means, coupled to said means for accepting, for sending said identification to the external source of key control.
10. The keyloader of claim 9, further comprising means, coupled to said means for accepting, for encrypting said identification.
11. The keyloader of claim 8, further comprising:
means, coupled to said means for receiving, for determining if said at least one requested encryption key is encrypted; and
means, coupled to said means for determining, for decrypting said at least one encrypted encryption key.
12. A method of key management in a key loader for use with an external communication device in a key management system employing an external source of key control, comprising the steps of:
accessing the external source of key control;
requesting, responsive to said step of accessing, at least one encryption key from the external source of key control;
receiving, responsive to said step of requesting, said at least one encryption key from the external source of key control;
storing, responsive to said step of receiving, said at least one received encryption key; and
transferring said at least one received encryption key to the external communication device.
13. The method of key management of claim 12, further comprising the steps of:
accepting, responsive to said step of transferring, an identification from the external communication device; and
sending, responsive to said step of accepting, said identification to the external source of key control.
14. The method of key management of claim 13, further comprising the step of encrypting said identification.
15. The method of key management of claim 12, further comprising the steps of:
determining, responsive to said step of receiving, if said at least one received encryption key is encrypted; and
decryption, responsive to said step of determining, said at least one received encrypted encryption key.
Description
FIELD OF THE INVENTION

This invention is concerned with encrypted communication systems. More particularly, this invention is concerned with key management for an encrypted communication system.

BACKGROUND OF THE INVENTION

Encrypted voice and data systems are well known. Many of these systems provide secure communication between two or more users by sharing one piece of information between the users, which permits only those users knowing it to properly decrypt the message. This piece of information is known as the encryption key variable, or key for short. Loading this key into the actual encryption device in the secure communication unit is a basic requirement that allows secure communication to occur. To retain security over a long period of time, the keys are changed periodically, typically weekly or monthly.

Loading new keys, called rekeying, can be done in various ways. Over-the-channel rekeying is achieved by transmitting the encrypted keys from a central keyloading site either individually or simultaneously to all units in the group over a typical encrypted communication channel.

Manual rekeying is accomplished by plugging a cable from a portable, hand-held keyloading device (also called a key variable loader, or keyloader for short) to the secure unit and downloading the keys from the keyloader into the secure unit by pressing the appropriate buttons on the keyloader. Over-the-channel rekeying takes a few seconds, and the process involved in manual keyloading, including locating the unit, connecting the loader, etc., takes much longer.

Before over-the-channel rekeying was available, manual rekeying was the primary technique available for rekeying. In communication systems with hundreds of users, it was necessary to have several keyloaders to rekey the entire system in a reasonable amount of time. These keyloaders are not inexpensive and require manual entry of keys, a time-consuming procedure that is prone to operator error and is inherently a security risk. It is possible to download unencrypted keys from one keyloader to another, called cloning, by connecting the keyloaders together via a cable, thereby removing operator error during the entry of the key variables. Keyloaders are typically spread over the entire area of the system, which can be thousands of square kilometers. This makes exclusive use of cloning impractical for a large system.

It is evident that use of an over-the-channel rekeying system is a big time-saver and a security improvement when rekeying a large system. Using such a system reduces the need for a large number of keyloaders. There may be older secure units in the system that are incapable of over-the-channel rekeying or there may be some remote areas in the system that are out of range of the over-the-channel rekey system, thus keyloaders are still needed. These keyloaders must still receive the new keys, and the old problems of distance, time, operator error, and security risk have not gone away.

With the continually increasing size of systems and the growing need for system security, it is apparent that a more practical approach to key distribution for keyloaders is essential.

SUMMARY OF THE INVENTION

This invention encompasses a key management system for a secure communication system, using a keyloader to load at least one encryption key into a communication device and controlling the distribution of a plurality of encryption keys. At least one of the plurality of encryption keys is conveyed to the keyloader, which is coupled to the communication device for transfer of the at least one of the plurality of encryption keys.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1A and 1B incorporate a diagram of a key management system in accordance with the invention.

FIG. 2 is a block diagram of a keyloader in accordance with the invention.

FIG. 3 is a flowchart illustrating the steps executed by a keyloader in a key management system in accordance with the invention.

FIG. 4 is a flowchart illustrating the steps executed when using a Key Management Controller in a key management system in accordance with the invention.

DESCRIPTION OF A PREFERRED EMBODIMENT

The following describes a method and apparatus for key management in an over-the-channel rekey system. In the preferred embodiment, the over-the-channel rekey system includes a Key Management Controller (KMC), a key variable loader (KVL), such as a T3011CX, and a mobile radio, such as a Syntor X 9000, all available from Motorola, Inc. A conventional data modem is optional. The KMC includes a database that records in its RAM secure unit IDs, keys, and which units have/need what keys, and is a central control point for distributing this data over the communication channel.

In the preferred embodiment of the invention, the user requests information from the KMC with commands entered into the KVL, also known as a remote KVL. Referring to FIG. 1A, the user initiates the transfer by entering the proper commands into the KVL 109, which in turn places a phone call to access the KMC 101 through the modem 107, standard telephone lines 105, and the modem 103 attached to the KMC 101. Key data, such as the logical ID, key group map, and encryption key, is passed from the KMC 101 to the modem 103, which passes the information along the telephone lines 105 to the modem 107 attached to the KVL 109. In the preferred embodiment of the invention, all key data passed between the KMC 101 and KVL 109 is encrypted for security reasons. The KVL 109 may be connected directly to the KMC 101 with a null modem if in close proximity. The null modem replaces the first modem 103, the telephone lines 105, and the second modem 107 from FIG. 1A. The KVL 109 is then used to transfer key data to the radio 111 or other encrypted unit. Whether using telephone lines with modems or a null modem, the channel for key transfer is not the same as the one(s) used for over-the-channel rekeying or encrypted voice or data communications.

Transfer of key data using a remote KVL removes the necessity for an operator to enter the data manually, thereby increasing security, because he does not know the actual encryption keys. Operator error is reduced, since he does not enter the keys with the keypad. With any telephone lines, data can be transferred easily without travelling a great distance, thus saving time while reaching devices outside the KMC radio calling range. Utilizing a remote KVL allows radios from older systems without over-the-channel rekeying capability to be integrated easily with newer systems having the capability.

FIG. 2 shows a block diagram of a KVL in accordance with the invention. The KVL is connected to the KMC, via telephone line, at the key data interface 201. A user calls the KMC by manipulation of the KVL keypad 209. The KVL microprocessor 203 then accesses the KMC through the key data interface 201. When the KMC accepts the call, the microprocessor 203 receives the acknowledgment through the key data interface 201 and puts a message on the KVL display 207. The microprocessor 203 automatically sends a request for key variable data to the KMC. The KMC receives the request from the KVL and sends the appropriate encrypted data which enters the key data interface 201 into the microprocessor 203. The microprocessor 203 determines if the data is encrypted, and if so, sends it to the encryption device 211 for decryption and stores the resultant information in memory 205. The user then disconnects the KVL from the KMC and attaches it to a radio. The desired key transfer is entered by keypad 209. Typical key transfer protocol is completed, and the radio identification (ID) is transferred to the microprocessor 203 through the key data interface 201. This ID is stored in memory 205 with the key(s) sent to the radio. After the keys and/or group maps have been distributed to a group of radios or other encrypted devices, the user reconnects the KVL to the KMC. After repeating the procedure to place a call to the KMC, the KMC acknowledges the connection. Upon receiving the acknowledgment, the KVL sends a request for more key variable data. After receiving a new set of key data, the KVL uploads the previously recorded radio IDs with the logical ID of the key or group map transferred to each radio. This information may be encrypted by the encryption device 211, as directed by the microprocessor 203. This data is sent through the key data interface 201 to the KMC to complete the cycle.

The KVL has an identification code, stored in memory 205, which is used by the KMC to verify proper access of key data, as a measure of additional security. Although not described here, other key information may be stored in memory 205. The KMC phone number, which is entered into the KVL with the keypad 209, may also be stored in memory 205.

The KVL can receive encrypted data, for additional security, or unencrypted data through its key data interface 201. The ability to process encrypted data received on the key data interface allows the KMC to transfer sensitive data to the KVL at a remote location without security risk.

FIG. 3 is a flowchart illustrating the steps executed by a remote keyloader in the key management system of the preferred embodiment. Summarizing the flowchart, the KVL accesses 301 the KMC and receives 303 acknowledgment of the access from the KMC. The KVL then requests 305 and receives 307 key data from the KMC. The KVL determines 309 if the data is encrypted, decrypts 311 it, and stores 313 it. If the data is not encrypted 309, the KVL discards it in the preferred embodiment of the invention. After all of the key data has been transferred, the KVL searches 315 the unit ID list to see if data has been transferred to any radio units. If any IDs have been recorded 317, then the KVL sends 323 the previously recorded unit IDs with the key information, such as the logical ID of the key or group map transferred to each unit, after encrypting 321 the data, if desired 319. The KVL then terminates 325 the call. When connected to a radio, the KVL transfers 327 the key data. The KVL then accepts the radio ID (or unit ID) and stores it in memory. When all radios have had the key data transferred to them 331, the KVL is ready to access the KMC to request additional key data and to send the IDs recorded.

FIG. 4 is a flowchart illustrating the steps executed when using a KMC in the key management system of the preferred embodiment. Briefly, the KMC receives 401 a call for access from the KVL, including a KVL ID. The KMC checks 403 the KVL ID for validity. If an invalid KVL ID is found, the KMC terminates 405 the call. Upon recognition of a valid KVL ID, the KMC acknowledges 407 the KVL's call and waits until it receives 409 a request for key data from the KVL. The KMC encrypts 413, if desired 411, and provides 415 the key data to the KVL. The KMC may now accept previously recorded unit IDs and key information sent 417 by the KVL. The KMC determines 419 if the data from the KVL was encrypted, decrypts 421 it if necessary, and stores 423 it. The KMC then receives 425 notice of call termination from the KVL.
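
The FIG. 3 and FIG. 4 exchange described above, modelled in Python as an added example (not code from the patent or from Motorola). Assumptions: a key shared between the KMC and each KVL, a one-byte flag marking encrypted messages, the message layouts, and a SHA-256/HMAC construction standing in for the cipher, which the patent does not name; all class and method names are hypothetical.

```python
import hashlib, hmac, os

# Stand-in cipher (assumption; the patent names none): SHA-256 keystream + HMAC tag.
def _ks(kek, nonce, n):
    return b"".join(hashlib.sha256(kek + b"enc" + nonce + bytes([i])).digest()
                    for i in range(n // 32 + 1))[:n]

def wrap(kek, data):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _ks(kek, nonce, len(data))))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return b"E" + nonce + ct + tag            # b"E" marks an encrypted message

def unwrap(kek, msg):
    nonce, ct, tag = msg[1:17], msg[17:-32], msg[-32:]
    good = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("message failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _ks(kek, nonce, len(ct))))

class KMC:                                    # FIG. 4 side
    def __init__(self, kvl_keks, keys):
        self.kvl_keks = kvl_keks              # valid KVL ID -> shared key (assumption)
        self.keys = keys                      # logical ID -> encryption key
        self.loaded = {}                      # unit ID -> logical ID of the key it holds

    def access(self, kvl_id):                 # 401-407: acknowledge only a valid KVL ID
        return kvl_id in self.kvl_keks

    def key_data(self, kvl_id, logical_id, encrypt=True):    # 409-415
        body = logical_id.encode() + b"|" + self.keys[logical_id]
        return wrap(self.kvl_keks[kvl_id], body) if encrypt else b"P" + body

    def accept_report(self, kvl_id, msg):     # 417-423: decrypt if needed, then store
        body = unwrap(self.kvl_keks[kvl_id], msg) if msg[:1] == b"E" else msg[1:]
        for pair in body.decode().split(";"):
            unit_id, logical_id = pair.split("=")
            self.loaded[unit_id] = logical_id

class KVL:                                    # FIG. 3 side
    def __init__(self, kvl_id, kek):
        self.kvl_id, self.kek = kvl_id, kek
        self.keys, self.unit_ids = {}, []

    def receive(self, msg):                   # 307-313
        if msg[:1] != b"E":
            return False                      # 309: unencrypted key data is discarded
        logical_id, key = unwrap(self.kek, msg).split(b"|", 1)
        self.keys[logical_id.decode()] = key
        return True

    def load_radio(self, unit_id, logical_id):    # 327, then record the radio's ID
        key = self.keys[logical_id]           # what goes down the cable to the radio
        self.unit_ids.append((unit_id, logical_id))
        return key

    def report(self):                         # 315-323; this model always encrypts
        if not self.unit_ids:
            return None                       # nothing loaded since the last call
        body = ";".join(f"{u}={k}" for u, k in self.unit_ids).encode()
        self.unit_ids.clear()
        return wrap(self.kek, body)
```

With a constructed KVL ID and logical ID, `KVL.receive(kmc.key_data(..., encrypt=False))` returns `False` and stores nothing, which is the discard branch at step 309; after `load_radio` and `report`, `KMC.loaded` holds the unit-ID-to-key mapping that closes the cycle.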

Classifications
U.S. Classification: 380/273, 380/52, 380/277
International Classification: H04L9/08
Cooperative Classification: H04L9/0827, H04L9/083, H04L9/0891
European Classification: H04L9/08F2F, H04L9/08F2H, H04L9/08T
Legal Events
Date | Code | Event | Description
Aug 28, 2003 | FPAY | Fee payment | Year of fee payment: 12
Jun 4, 1999 | FPAY | Fee payment | Year of fee payment: 8
May 1, 1995 | FPAY | Fee payment | Year of fee payment: 4
Sep 27, 1990 | AS | Assignment | Owner name: MOTOROLA, INC., ILLINOIS. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST.;ASSIGNORS:STEINBRENNER, KURT W.;BRIGHT, MICHAEL W.;REEL/FRAME:005466/0760. Effective date: 19900926